summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2010-05-13 07:59:41 +1000
committerAndrew Bartlett <abartlet@samba.org>2010-05-14 23:25:45 +1000
commitb5dc39496272cbccdd45152f349362c2b779c326 (patch)
treea4792955392e6a1ac3a319eb0f2a486c3ed2f97f /source4
parent8da50c8da1527bafbb0ff4e86cc12fb54dd2b4b7 (diff)
downloadsamba-b5dc39496272cbccdd45152f349362c2b779c326.tar.gz
samba-b5dc39496272cbccdd45152f349362c2b779c326.tar.bz2
samba-b5dc39496272cbccdd45152f349362c2b779c326.zip
s4:gensec expose gensec_set_target_principal for use outside GENSEC
This allows for the rare case where the caller knows the target principal. The check for lp_client_use_spnego_principal() is moved to the spengo code to make this work. Andrew Bartlett
Diffstat (limited to 'source4')
-rw-r--r--source4/auth/gensec/gensec.c2
-rw-r--r--source4/auth/gensec/gensec.h2
-rw-r--r--source4/auth/gensec/gensec_krb5.c2
-rw-r--r--source4/auth/gensec/spnego.c5
4 files changed, 8 insertions, 3 deletions
diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c
index b532c1502d..c19d5ff5d5 100644
--- a/source4/auth/gensec/gensec.c
+++ b/source4/auth/gensec/gensec.c
@@ -1302,7 +1302,7 @@ _PUBLIC_ const struct tsocket_address *gensec_get_remote_address(struct gensec_s
*
*/
-NTSTATUS gensec_set_target_principal(struct gensec_security *gensec_security, const char *principal)
+_PUBLIC_ NTSTATUS gensec_set_target_principal(struct gensec_security *gensec_security, const char *principal)
{
gensec_security->target.principal = talloc_strdup(gensec_security, principal);
if (!gensec_security->target.principal) {
diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h
index 47adf039c0..45e24f194f 100644
--- a/source4/auth/gensec/gensec.h
+++ b/source4/auth/gensec/gensec.h
@@ -311,4 +311,6 @@ NTSTATUS gensec_start_mech_by_sasl_name(struct gensec_security *gensec_security,
int gensec_setting_int(struct gensec_settings *settings, const char *mechanism, const char *name, int default_value);
bool gensec_setting_bool(struct gensec_settings *settings, const char *mechanism, const char *name, bool default_value);
+NTSTATUS gensec_set_target_principal(struct gensec_security *gensec_security, const char *principal);
+
#endif /* __GENSEC_H__ */
diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
index c2f96d7b7f..d051b7f227 100644
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -299,7 +299,7 @@ static NTSTATUS gensec_krb5_common_client_start(struct gensec_security *gensec_s
}
in_data.length = 0;
- if (principal && lp_client_use_spnego_principal(gensec_security->settings->lp_ctx)) {
+ if (principal) {
krb5_principal target_principal;
ret = krb5_parse_name(gensec_krb5_state->smb_krb5_context->krb5_context, principal,
&target_principal);
diff --git a/source4/auth/gensec/spnego.c b/source4/auth/gensec/spnego.c
index a715085d06..bbcba8dc5f 100644
--- a/source4/auth/gensec/spnego.c
+++ b/source4/auth/gensec/spnego.c
@@ -28,6 +28,7 @@
#include "auth/credentials/credentials.h"
#include "auth/gensec/gensec.h"
#include "auth/gensec/gensec_proto.h"
+#include "param/param.h"
enum spnego_state_position {
SPNEGO_SERVER_START,
@@ -826,7 +827,9 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
if (spnego.negTokenInit.targetPrincipal) {
DEBUG(5, ("Server claims it's principal name is %s\n", spnego.negTokenInit.targetPrincipal));
- gensec_set_target_principal(gensec_security, spnego.negTokenInit.targetPrincipal);
+ if (lp_client_use_spnego_principal(gensec_security->settings->lp_ctx)) {
+ gensec_set_target_principal(gensec_security, spnego.negTokenInit.targetPrincipal);
+ }
}
nt_status = gensec_spnego_parse_negTokenInit(gensec_security,